README.md: first draft of Supervisor additions

Signed-off-by: Margo Crawford <margaretc@vmware.com>

README.md

@@ -23,11 +23,22 @@ with IDPs, and distribution-specific integration strategies.
 
 ### Architecture
 
-Pinniped offers credential exchange to enable a user to exchange an external IDP
+The Pinniped Supervisor component offers identity federation to enable a user to
-credential for a short-lived, cluster-specific credential. Pinniped supports various
+access multiple clusters with a single daily login to their external IDP. The
-IDP types and implements different integration strategies for various Kubernetes
+Pinniped Supervisor supports various external [IDP
+types](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#k8s-api-idp-supervisor-pinniped-dev-v1alpha1).
+
+The Pinniped Concierge component offers credential exchange to enable a user to
+exchange an external credential for a short-lived, cluster-specific
+credential. Pinniped supports various [authentication
+methods](https://github.com/vmware-tanzu/pinniped/tree/main/generated/1.19#authenticationconciergepinnipeddevv1alpha1)
+and implements different integration strategies for various Kubernetes
 distributions to make authentication possible.
 
+The Pinniped Concierge can be configured to hook into the Pinniped Supervisor's
+federated credentials, or it can authenticate users directly via external IDP
+credentials.
+
 To learn more, see [architecture](https://pinniped.dev/docs/architecture/).
 
 <img src="site/content/docs/img/pinniped_architecture.svg" alt="Pinniped Architecture Sketch" width="300px"/>